Windows 2000 Exploit Code Released

Exploit code for a known security flaw in Microsoft Windows 2000 has been posted online, putting millions of users at risk of a PC hijack.

Exploit code for a known security flaw in Windows 2000 has been posted online, putting millions of users at risk of a PC hijack. MS04-019 and MS04-022 security patches are available to fix the problem.

Less than a week after Microsoft released a fix for an "important" privilege elevation vulnerability in the Windows 2000 Utility Manager feature, hackers have reverse-engineered the patch and released the code that could lead to an exploit.

Microsoft confirmed that the vulnerability could allow a logged-on
user to misuse the Utility Manager to start an application with system
privileges and take control of the system.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts that have full privileges," the
company warned.

The availability of exploit code increases the risk of viruses and worms
targeting the Windows 2000 OS family, which is installed on the majority of
enterprise desktops in the United States.

It also highlights the patch management conundrum faced by the software
giant as it struggles to cope with the speed with which hackers create and release
malicious exploits. According to Microsoft statistics, an exploit for the
Code Red and Nimda worms was released 331 days after a patch was made available. In
the case of the Slammer worm, exploit code was available in 180 days, and the Blaster worm exploit was ready in just 25 days.

The SANS Internet Storm Center also detected another exploit targeting the
MS04-022
flaw. The center did not provide any additional information.

The MS04-022 advisory patches a buffer overflow in the Windows Task
Scheduler feature that could lead to system hijack. Affected products
include Windows 2000 and Windows XP. The Windows NT Workstation and Windows
NT Server operating systems are not affected by default.

As with the MS04-019 vulnerability, this flaw also allows attackers to hijack affected systems,
install programs, view, change, or
delete data with full privileges.

Late Monday, Microsoft released an update to MS04-022 patch to provide an
additional workaround to prevent the possibility of an attack.